CVE-2020-1776 Invalidating or changing user does not invalidate session

🗓️ 20 Jul 2020 21:04:19Reported by OTRSType

Invalidating or changing user maintains active sessio

Reporter	Title	Published	Views	Family All 43
CNVD	Open-source Ticket Request System Code Issue Vulnerability	21 Jul 202000:00	–	cnvd
CVE	CVE-2020-1776	20 Jul 202021:04	–	cve
Debian	[SECURITY] [DLA 3551-1] otrs2 security update	31 Aug 202300:20	–	debian
Debian CVE	CVE-2020-1776	20 Jul 202021:04	–	debiancve
Tenable Nessus	Debian dla-3551 : otrs - security update	6 Sep 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-1776	18 Aug 202500:00	–	nessus
EUVD	EUVD-2020-12602	7 Oct 202500:30	–	euvd
NVD	CVE-2020-1776	20 Jul 202021:15	–	nvd
OpenVAS	Debian: Security Advisory (DLA-3551-1)	31 Aug 202300:00	–	openvas
OSV	DEBIAN-CVE-2020-1776	20 Jul 202021:15	–	osv

[
  {
    "vendor": "OTRS AG",
    "product": "((OTRS)) Community Edition",
    "versions": [
      {
        "version": "6.0.x",
        "status": "affected",
        "lessThanOrEqual": "6.0.28",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "OTRS AG",
    "product": "OTRS",
    "versions": [
      {
        "version": "7.0.x",
        "status": "affected",
        "lessThanOrEqual": "7.0.18",
        "versionType": "custom"
      },
      {
        "version": "8.0.x",
        "status": "affected",
        "lessThanOrEqual": "8.0.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2023/08/msg00040.html
otrs	www.otrs.com/release-notes/otrs-security-advisory-2020-13/

31 Aug 2023 02:07Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.13.5

EPSS0.00326

CWE-613